package czy.demo.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.session.jdbc.JdbcOperationsSessionRepository;
import org.springframework.session.security.SpringSessionBackedSessionRegistry;
import org.springframework.session.web.http.HeaderHttpSessionIdResolver;
import org.springframework.session.web.http.HttpSessionIdResolver;

/* spring session 配置类 */
@Configuration
public class SpringSessionConfig {

    public static final String SESSION_HEADER = "X-Auth-Token";

    @Lazy
    @Autowired
    private JdbcOperationsSessionRepository sessionRepository;

    /* 基于X-Auth-Token的session解析器
    * 全局只有一个sessionId解析器
    */
    @Bean
    public HttpSessionIdResolver httpSessionIdResolver() {
        return new HeaderHttpSessionIdResolver(SESSION_HEADER);
    }

    /** session注册，安全框架中使用 */
    @Bean
    public SessionRegistry sessionRegistry(){
        return new SpringSessionBackedSessionRegistry<>(sessionRepository);
    }
}
